For 40 people it seems very unlikely that it will really matter. I am guessing your Internet connection is not 1GB as well.
– Zoredache Aug 14 '13 at 6:08

Why do you want to do that when a firewall that does what you need costs less than 80 USD (in hardware) and uses nearly no electricity compared to your (pathetic - sadly) Windows firewall (still no real firewall there)? Check Mikrotik routers - a 750 should be enough.
– TomTom Aug 14 '13 at 6:15

Hi @Zoredache, nope, we only have 4 Mbps internet speed. That is the reason we need a firewall to block the data content flow to our network.
– Shiro Aug 14 '13 at 6:26

@TomTom The main reason we have this firewall is to filter content and block our staff from going to some sites (e.g. Facebook, YouTube, etc.). Most of the firewalls out there just block ports and do keyword filtering; they can't even block HTTPS... What we are using is WFilter.
– Shiro Aug 14 '13 at 6:26

Ah, that was "A windows based firewall" not "the windows firewall". Makes lots more sense then.
– TomTom Aug 14 '13 at 9:56

2 Answers
2

The NIC on the board will be internally connected via some kind of bus, be that PCI, PCIe, or USB. Typically system board manufacturers choose whatever bus type will sustain the full bandwidth of the NIC. In practice the bus type is almost never the limiting factor here - more important considerations are whether the NIC supports checksum offloading and whether it is reliable.

In either case, the degree of the CPU's involvement will depend entirely on the NIC's implementation, and particularly how much work is done in hardware and how much is done in the driver. That said, it's not likely your GbE firewall will be CPU-bound.

In any practical scenario you will not notice any difference between the onboard NIC (which is almost always a PCI device lately) and the add-in card one, assuming they are both GbE NICs.

That said, a dedicated firewall device of some kind would probably provide better performance with lower power consumption, space requirements, security surface, and cost. Based on your comments above, it looks like you might want a security appliance that does both firewalling and HTTP and HTTPS proxying; they do exist.

If you would like to build your own firewall (hardware and open-source software), I would suggest the following requirements (rough-edged):

Your Internet connection will not be even near your NIC's physically capable throughput :) so let's just ignore the fact that a GbE connection is way enough.
If this firewall would also switch/route internal connections, the requirements will get a bit more interesting.

For your use case a simple Intel Atom or AMD APU would be enough (just for routing and/or switching).

In case you want to do something like DPI (deep packet inspection, via Snort) or proxy servicing (via Squid), you'd need more power, as every TCP packet or whole stream needs to be analyzed and a decision made about what to do with it.

As I mentioned in the beginning, a simple open-source software solution would be pfSense.
pfSense provides you with an easy web GUI and package management.
And it will run on any hardware you have left around your office.

Just add network cards as you wish (or up to the computer's capacity) and start firewalling/switching/routing etc.

Scaling with every service you run on the machine, you should consider adding more memory, more CPU or a hard disk for caching (proxy).

This hardware is enough for my old school (where I do some IT work) and it has about 100 simultaneous users
(just routing, firewalling, and proxy server) -> Soekris

EDIT:
Oh, and on your question about PCI or PCIe:
This doesn't matter at all, as the bus interfaces are fast enough for a single GbE connection.
If you want to serve 10 GbE, then I'd prefer PCIe :)
The same goes for onboard versus an extra card.
The onboard card has the same connection to your northbridge/southbridge/CPU as an extra card (depending on your architecture).